package com.ytlz.dmcs.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class BrowerSecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.formLogin()
		.loginPage("/login") 
		.defaultSuccessUrl("/")
		.loginProcessingUrl("/user/login")
		.and()
		.authorizeRequests()
		.antMatchers("/login").permitAll()
		.antMatchers("/easyui/**","/js/**","/css/**","/fonts/**","/*.html").permitAll()
		.anyRequest()
		.authenticated()
		.and().headers().frameOptions().disable()
		.and().csrf().disable();
		
	}

	@Bean
	public PasswordEncoder passwordEncoder() {
	     return new BCryptPasswordEncoder();
	 }
}
